An inspirational coach and lifelong learner

Main menu

Post navigation

CISSP PRACTICE QUESTIONS – 20200515

Your company sells toys online worldwide, which is supported by a three-tiered E-Commerce web-based system. You are planning for patching the web servers and worried about the integrity of system configurations is compromised if failures occur when applying patches. Which of the following security functional components best addresses your concerns?A. Reference monitor
B. Trusted path
C. Configuration management
D. Manual recovery

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Manual recovery.

Security Function vs Security Assurance

If a patch failed, it should be rolled back and recovered. Configuration management helps in the process of rollback and recovery, but it, on its own, cannot recover the patch. The recovery work is done by trusted recovery, a Security Functional Requirement (SFR) specified in the Common Criteria, while configuration management is a Security Assurance Requirement (SAR).

Moreover, the question is asking about “security functional components.”

Trusted Recovery

There are four types of trusted recovery defined in the Common Criteria:

Functional recovery: e.g., if the installation program (setup.exe) failed, all the installed programs, files, and configurations are rolled back.

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.